CVE-2006-7197

The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.

Date published : 2007-04-25

http://www.securityfocus.com/bid/28477

http://issues.apache.org/bugzilla/show_bug.cgi?id=38859